I have read several times about issues with QR Code security but have rarely found examples, until today I stumbled upon this article from the BBC in December. Although mainly about the security issues of HTML 5 it also raises the issue of QR Codes where the problem appears more physical than it is technological. Since it is obviously impossible to tell where a QR Code is going to direct your phone when you scan it some fraudsters have already started taking advantage. By placing their own QR Code sticker physically on top of the other barcode they can direct users to any site they wish.
My first reaction to this was that with a bit of common sense it could be avoided; almost all barcode readers, such as Softek’s, show the user the URL they are about to be directed to before taking them there. However to make QR Codes cleaner and easier to use companies sensibly use URL shortening tools such as bit.ly to produce a more concise link, this though obviously makes it harder for a user to tell where they are going.
This then does present a real issue, but only insofar as where it is advisable to scan a QR Code. For example on some scrappy poster or sticker it would appear a risky move. However if the QR Code is on an advertising poster, behind perspex/glass then it is obviously much safer; same goes for magazines where people are far more likely to use them. My main point is that in the places where people have the ability to tamper with the QR Codes it probably is not worth using them anyway and I doubt many people do. QR Codes are effective but only in the correct situation where someone is likely to have the time to scan it and when there is a real benefit offered to the user.
Therefore caution and common sense is the best way to stay protected, which is increasingly important with mobile phones containing ever more sensitive data. Although there are dodgy QR Codes out there, just as there are fraudulent emails, the situation in which you find it should give you all the information you need.
Anyone ever found a ‘dodgy’ QR Code?